File checking method and system

文档序号:8013 发布日期:2021-09-17 浏览:67次 中文

1. A file verification method, comprising:

the upper computer encrypts a file to be transmitted by using a private key in a preset key pair, and calculates a hash value of the encrypted file to be transmitted to obtain a first hash value;

the upper computer sends the file to be transmitted and the first hash value;

the lower computer receives the first hash value and the file to be transmitted, and calculates the hash value of the file to be transmitted to obtain a second hash value;

and the lower computer decrypts the first hash value by using the public key in the preset key pair to obtain a third hash value, and judges that the file to be transmitted is complete under the condition that the second hash value is consistent with the third hash value.

2. The file verification method according to claim 1, wherein the process of calculating the hash value of the encrypted file to be transmitted by the upper computer to obtain the first hash value includes:

and calculating the hash value of the encrypted file to be transmitted by using a preset digital signature algorithm to obtain a first hash value.

3. The file verification method according to claim 1, wherein the process of sending the first hash value by the upper computer includes:

adding the first hash value to a preset bit in a diagnostic message;

and sending the diagnosis message.

4. The file verification method according to claim 3, wherein the process of receiving the first hash value by the lower computer includes:

acquiring the diagnosis message;

and analyzing the diagnosis message, and extracting a first hash value recorded by a preset bit in an analysis result.

5. The file verification method according to claim 1, wherein a process of calculating, by the lower computer, the hash value of the file to be transmitted to obtain the second hash value includes:

and calculating the hash value of the file to be transmitted by utilizing a preset digital signature algorithm to obtain a second hash value.

6. A file verification system, comprising:

the first calculation unit encrypts the file to be transmitted by using a private key in a preset key pair, and calculates the hash value of the encrypted file to be transmitted to obtain a first hash value;

the sending unit is used for sending the file to be transmitted and the first hash value;

the second calculation unit is used for receiving the first hash value and the file to be transmitted and calculating the hash value of the file to be transmitted to obtain a second hash value;

the decryption unit decrypts the first hash value by using the public key in the preset key pair to obtain a third hash value;

and the judging unit is used for judging whether the second hash value is consistent with the third hash value or not, judging that the file to be transmitted is complete if the second hash value is consistent with the third hash value, and judging that the file to be transmitted is incomplete if the second hash value is inconsistent with the third hash value.

7. The file checking system according to claim 6, wherein the first computing unit further comprises:

and calculating the hash value of the encrypted file to be transmitted by using a preset digital signature algorithm to obtain a first hash value.

8. The file checking system according to claim 6, wherein the sending unit further comprises:

adding the first hash value to a preset bit in a diagnostic message;

and sending the diagnosis message.

9. The file checking system according to claim 8, wherein the second computing unit further comprises:

acquiring the diagnosis message;

and analyzing the diagnosis message to obtain an analysis result, and extracting a first hash value recorded by a preset bit in the analysis result.

10. The file checking system according to claim 6, wherein the second computing unit further comprises:

and calculating the hash value of the file to be transmitted by utilizing a preset digital signature algorithm to obtain a second hash value.

Background

With the continuous development of automobile electronic technology, the requirements on the security and the integrity of file transmission in the file transmission process are higher and higher, and particularly in the process of downloading files by various controllers on a whole automobile, once the files are missed and missed in the transmission process, the files obtained by the controllers are incomplete, which may directly result in that the controllers cannot realize the established functions, even are tampered, and the security of the automobile is affected.

In order to check the integrity of a transmitted file, the prior art mostly adopts a CRC32 redundancy algorithm, and the checking principle of the algorithm is that an r-bit binary check code is actually added after a p-bit binary data sequence, so as to form a binary sequence check code with the total length of (p + r), and a specific relationship exists between the binary sequence check code and the data sequence of the file to be transmitted. This particular relationship is destroyed if a bit or bits in the data sequence of the file to be transmitted are erroneous due to interference or the like. Therefore, the integrity of the file to be transmitted can be checked by checking the corresponding relation between the two files.

However, the CRC32 redundancy algorithm belongs to a typical symmetric encryption algorithm, both communication parties use the same key, the security is poor, and the practical application requirements are difficult to meet.

Disclosure of Invention

In view of this, an object of the present invention is to provide a file verification method and system, which implement integrity verification of a file to be transmitted based on an asymmetric algorithm, where an upper computer and a lower computer use different keys, the decryption difficulty is large, and accuracy of file integrity verification can be improved, and a specific scheme is as follows:

in a first aspect, the file verification method provided by the present invention includes:

the upper computer encrypts a file to be transmitted by using a private key in a preset key pair, and calculates a hash value of the encrypted file to be transmitted to obtain a first hash value;

the upper computer sends the file to be transmitted and the first hash value;

the lower computer receives the first hash value and the file to be transmitted, and calculates the hash value of the file to be transmitted to obtain a second hash value;

and the lower computer decrypts the first hash value by using the public key in the preset key pair to obtain a third hash value, and judges that the file to be transmitted is complete under the condition that the second hash value is consistent with the third hash value.

Optionally, the process of calculating the hash value of the encrypted file to be transmitted by the upper computer to obtain the first hash value includes:

and calculating the hash value of the encrypted file to be transmitted by using a preset digital signature algorithm to obtain a first hash value.

Optionally, the process of sending the first hash value by the upper computer includes:

adding the first hash value to a preset bit in a diagnostic message;

and sending the diagnosis message.

Optionally, the process of receiving, by the lower computer, the first hash value includes:

acquiring the diagnosis message;

and analyzing the diagnosis message, and extracting a first hash value recorded by a preset bit in an analysis result.

Optionally, the process of calculating, by the lower computer, the hash value of the file to be transmitted to obtain a second hash value includes:

and calculating the hash value of the file to be transmitted by utilizing a preset digital signature algorithm to obtain a second hash value.

In a second aspect, the present invention provides a file verification system, including:

the first calculation unit encrypts the file to be transmitted by using a private key in a preset key pair, and calculates the hash value of the encrypted file to be transmitted to obtain a first hash value;

the sending unit is used for sending the file to be transmitted and the first hash value;

the second calculation unit is used for receiving the first hash value and the file to be transmitted and calculating the hash value of the file to be transmitted to obtain a second hash value;

the decryption unit decrypts the first hash value by using the public key in the preset key pair to obtain a third hash value;

and the judging unit is used for judging whether the second hash value is consistent with the third hash value or not, judging that the file to be transmitted is complete if the second hash value is consistent with the third hash value, and judging that the file to be transmitted is incomplete if the second hash value is inconsistent with the third hash value.

Optionally, the first computing unit further includes:

and calculating the hash value of the encrypted file to be transmitted by using a preset digital signature algorithm to obtain a first hash value.

Optionally, the sending unit further includes:

adding the first hash value to a preset bit in a diagnostic message;

and sending the diagnosis message.

Optionally, the second computing unit further includes:

acquiring the diagnosis message;

and analyzing the diagnosis message to obtain an analysis result, and extracting a first hash value recorded by a preset bit in the analysis result.

Optionally, the second computing unit further includes:

and calculating the hash value of the file to be transmitted by utilizing a preset digital signature algorithm to obtain a second hash value.

According to the file verification method provided by the invention, the upper computer encrypts the file to be transmitted by using the private key in the preset key pair, calculates the first hash value corresponding to the encrypted file to be transmitted, calculates the hash value of the obtained file to be transmitted after acquiring the file to be transmitted and the first hash value to obtain the second hash value, decrypts the first hash value by using the public key in the preset key pair to obtain the third hash value, and if the file to be transmitted has errors and omissions in the transmission process, the third hash value obtained after decryption is consistent with the second hash value, so that the lower computer can judge that the file to be transmitted is complete under the condition that the obtained second hash value is consistent with the third hash value. The file verification method provided by the invention is realized based on the asymmetric encryption algorithm, the integrity verification of the file to be transmitted is realized by utilizing the preset key pair in the asymmetric algorithm and the corresponding hash value, and compared with the symmetric algorithm used in the prior art, the upper computer and the lower computer use different keys, the deciphering difficulty is high, and the accuracy of the file integrity verification can be improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.

Fig. 1 is a flowchart of a file verification method according to an embodiment of the present invention;

fig. 2 is a block diagram of a file verification system according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Optionally, referring to fig. 1, fig. 1 is a flowchart of a file verification method provided in an embodiment of the present invention, where the method may be applied to an upper computer and a lower computer, specifically, the upper computer may be an electronic device such as a notebook computer and a PC, and the lower computer may be any controller that needs to download a file from the upper computer on a whole vehicle; referring to fig. 1, a flow of a file verification method provided in an embodiment of the present invention may include:

s100, encrypting the file to be transmitted by the upper computer by using a private key in a preset key pair to obtain the encrypted file to be transmitted.

The file verification method provided by the embodiment of the invention is realized by adopting an asymmetric encryption algorithm for the encryption process of the file to be transmitted, and based on the basic principle of the asymmetric encryption algorithm, a public key and a private key corresponding to the public key are needed in the actual application of the asymmetric encryption algorithm, the public key and the private key work to form a key pair, one party of two parties carrying out file transmission holds the public key, and the other party holds the private key.

Based on this premise, in the file verification method provided by the embodiment of the present invention, a set of preset key pairs including a public key and a private key corresponding to the public key is provided, and further, the upper computer owns the private key in the preset key pair, and correspondingly, the lower computer owns the public key in the preset key pair.

Before the file to be transmitted is sent, the upper computer firstly encrypts the file to be transmitted by using a private key in a preset key pair, so that the encrypted file to be transmitted is obtained.

Optionally, the preset key pair in the embodiment of the present invention is implemented based on an RSA algorithm. The basic principle behind the RSA algorithm providing public and private keys is: according to number theory, it is relatively simple to find two large prime numbers, and factoring their product is extremely difficult, so the product can be disclosed as an encryption key.

Based on this basic principle, the basic process of obtaining the preset key pair used in the embodiment of the present invention based on the RSA algorithm is as follows:

first, two unequal prime numbers p and q are randomly selected, and the product of p and q is calculated, where n is p × q. According to the Euler functionIt is conceivable that if a number n can be decomposed into the product of two prime numbers, then there must be:based on this, an integer e can be randomly selected such that e satisfiesAnd e andare relatively prime.

Further, according to the Euler theorem, if two positive integers a and n are relatively prime, then the Euler function of nCan be used forLet the following equation hold:order toThen ab ≡ 1(mod n).

Due to e andcoprime, for the modulo element d of e, there is ed ≡ 1(mod n). The formula is equivalent to(k is any positive integer).

From this, (d, k) can be solved. Finally, (n, e) of the public keys and (n, d) of the private keys are combined to form a public key. The length of n is the length of the key, the length of the key is generally 1024 bits in practical use, and if the security of file transmission is required to be extremely high, the length of the key of 2048 bits can be selected.

In practical application, the formula m ═ c can be usedemod n, and encrypting the file to be transmitted by combining with a corresponding encryption algorithm to obtain the encrypted file to be transmitted, wherein m represents the encrypted file to be transmitted, and c represents the file to be transmitted.

S110, the upper computer calculates the hash value of the encrypted file to be transmitted to obtain a first hash value.

The hash value of the encrypted file to be transmitted may be calculated by using a preset digital signature algorithm, for example, the hash value of the file to be transmitted may be calculated by using SHA-256 algorithm, so as to obtain a first hash value.

The SHA-256 algorithm is a digital signature algorithm suitable for the relevant requirements in the digital signature standard, and for files with the length less than 2^64 bits, a 256-bit hash value called a message digest, namely the hash value mentioned in the step can be generated.

The hash value, which may be understood as creating a small "digital fingerprint" from any kind of data, is compressed into an abstract by a hash function, specifically, SHA-256 algorithm, so that the amount of data is effectively reduced, and the format of the data is fixed.

For any length of file to be transmitted, the SHA-256 algorithm generates a 256-bit long hash value, i.e. the first hash value mentioned in this embodiment, which is equivalent to an array with a length of 32 bytes, and is usually represented by a 64-hexadecimal character string.

The hash value of a larger file can be calculated through SHA-256 calculation, and if the calculated hash values of two files are the same, the two files can be judged to be completely the same.

It should be noted that, for the specific process of calculating the hash value of the encrypted file to be transmitted, i.e. the first hash value, based on the SHA-256 algorithm, the process can be implemented with reference to the prior art, and the process is not specifically limited in the present invention.

And S120, the upper computer sends the file to be transmitted and the first Hash value to the lower computer.

After the first hash value of the encrypted file to be transmitted is obtained, the upper computer can send the file to be transmitted and the first hash value to the lower computer, and it needs to be emphasized that the file to be transmitted is transmitted to the lower computer by the upper computer, but the file is not the encrypted file to be transmitted.

Specifically, in practical application, the upper computer mostly sends the file to be transmitted to a preset memory area of the lower computer, and further, the BootLoader solidified in the lower computer further completes subsequent operations, such as updating, installing, upgrading and the like of the file to be transmitted.

Optionally, in general, the upper computer and the lower computer are connected by a CAN bus, and file transmission between the upper computer and the lower computer is realized based on a CAN bus protocol.

Based on the relevant protocol standard for file transmission in the CAN bus protocol, the transmission of the file to be transmitted CAN be completed between the upper computer and the lower computer by initiating 34, 36 and 37 services, wherein 34 service is a request downloading service, 36 service is a transmission data service, and 37 service is a request quitting transmission process service. The specific process that the upper computer and the lower computer initiate the various services and complete the transmission of the file to be transmitted can be realized by referring to the prior art, and the specific process is not expanded.

The sending of the first hash value may be realized through other ways, that is, in practical application, the sending of the file to be transmitted and the sending of the first hash value in this step are realized through two steps.

Optionally, the CAN bus protocol further includes 31 services, and the upper computer sends 31 services, that is, sends a diagnosis message to the lower computer to achieve a corresponding diagnosis purpose. Specifically, in the method for checking a transmission file according to the embodiment of the present invention, the first hash value may be added to a preset bit of the diagnostic packet, and then the upper computer sends the diagnostic packet to the lower computer, so that transmission of the first hash value is achieved.

Of course, in practical applications, the first hash value may also be sent in other manners, and on the premise of not exceeding the scope of the core idea of the present invention, the first hash value also belongs to the protection scope of the present invention.

S130, the lower computer obtains the file to be transmitted and the first hash value.

Based on the above, under the condition that the upper computer and the lower computer are in communication connection through the CAN bus, the upper computer and the lower computer CAN transmit the file to be transmitted and the first hash value through different service initiating modes, and because the operations executed by the receiver and the sender are corresponding, the process that the lower computer receives the file to be transmitted based on different service modes in the CAN bus protocol is not described any more here.

And for the reception of the first hash value, based on the above content, after the lower computer receives the diagnostic message, the lower computer analyzes the diagnostic message to obtain an analysis result, and then directly extracts the first hash value recorded by the preset bit in the analysis result.

In practical application, the operations executed by the lower computer in this step are all realized by the lower computer executing the solidified BootLoader system program.

S140, the lower computer calculates the hash value of the file to be transmitted to obtain a second hash value.

After the lower computer obtains the file to be transmitted, the hash value of the file to be transmitted can be directly calculated, and then a second hash value is obtained.

It is conceivable that both the upper computer and the lower computer need to calculate a hash value, and in order to achieve the purpose of mutual verification, the lower computer and the upper computer should calculate the hash value by using the same algorithm, so that if the first hash value calculated by using the SHA-256 algorithm used by the upper computer is the first hash value, the lower computer should calculate the second hash value by using the SHA-256 algorithm in this step as well.

And S150, the lower computer decrypts the first hash value by using the public key in the preset key pair to obtain a third hash value.

According to the foregoing, the preset key pair provided by the asymmetric algorithm includes a private key and a public key, where the private key is used by the upper computer, and the public key is used by the lower computer. After the lower computer obtains the first hash value, the public key corresponding to the private key used by the upper computer in the preset key pair can be used for carrying out decryption calculation on the first hash value, and a third hash value is obtained.

As mentioned above, the upper computer completes the encryption of the file to be transmitted based on the formula m ═ ce mod n, and accordingly, in this step, the lower computer can complete the decryption of the first hash value based on c ═ me mod n and by combining with the preset encryption algorithm, and further obtain the third hash value.

S160, the lower computer determines whether the second hash value is consistent with the third hash value, and if the second hash value is the same as the third hash value, S170 is executed.

Based on the above steps, the first hash value of the lower computer is obtained based on the file to be transmitted after being encrypted by the private key, and in this step, the third hash value is obtained by decrypting the first hash value by the public key, so that the third hash value corresponds to the plaintext data of the file to be transmitted. Further, the second hash value is also obtained based on the file to be transmitted, that is, the plaintext data of the file to be transmitted, so that if no error change of data occurs during the transmission process of the file to be transmitted, the third hash value should be the same as the second hash value, and if not, the third hash value and the second hash value are different.

Therefore, if the second hash value is different from the third hash value, it can be determined that the file to be transmitted is incomplete.

And S170, the lower computer judges that the file to be transmitted is complete.

If the second hash value is the same as the third hash value after comparison, the received file to be transmitted can be judged to be complete.

In summary, the file verification method provided by the present invention is implemented based on the asymmetric encryption algorithm, and the integrity verification of the file to be transmitted is implemented by using the preset key pair and the corresponding hash value in the asymmetric algorithm.

The file verification system described below may be regarded as a functional module architecture that needs to be set in the central device to implement the file verification method provided by the embodiment of the present invention; the following description may be cross-referenced with the above.

Referring to fig. 2, fig. 2 is a block diagram of a structure of a file verification system according to an embodiment of the present invention, where the file verification system according to the embodiment includes:

the first calculation unit 10 encrypts the file to be transmitted by using a private key in a preset key pair, and calculates a hash value of the encrypted file to be transmitted to obtain a first hash value;

a sending unit 20 that sends a file to be transmitted and a first hash value;

the second calculating unit 30 receives the first hash value and the file to be transmitted, and calculates the hash value of the file to be transmitted to obtain a second hash value;

the decryption unit 40 decrypts the first hash value by using the public key in the preset key pair to obtain a third hash value;

the determining unit 50 determines whether the second hash value is consistent with the third hash value, determines that the file to be transmitted is complete if the second hash value is consistent with the third hash value, and determines that the file to be transmitted is incomplete if the second hash value is inconsistent with the third hash value.

Optionally, the first computing unit 10 further includes:

and calculating the hash value of the encrypted file to be transmitted by using a preset digital signature algorithm to obtain a first hash value.

Optionally, the sending unit 20 further includes:

adding the first hash value to a preset bit in the diagnostic message;

and sending a diagnosis message.

Optionally, the second calculating unit 30 further includes:

acquiring a diagnosis message;

and analyzing the diagnosis message to obtain an analysis result, and extracting a first hash value recorded by a preset bit in the analysis result.

Optionally, the second calculating unit 30 further includes:

and calculating the hash value of the file to be transmitted by using a preset digital signature algorithm to obtain a second hash value.

The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.

Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

完整详细技术资料下载
上一篇:石墨接头机器人自动装卡簧、装栓机
下一篇:故障检测

网友询问留言

已有0条留言

还没有人留言评论。精彩留言会获得点赞!

精彩留言,会给你点赞!

技术分类